CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,852 vulnerabilities with CWE-89
CVE-2019-5996 HIGH
Panasonic Video Insight VMS < 7.3.2.5 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-5991 HIGH
Cybozu Garoon 4.0.0-4.10.3 - Authenticated SQL Injection
CVSS 7.6
CVE-2019-3760 MEDIUM
RSA Identity Governance and Lifecycle < 7.1.0 P08 - Authenticated SQL Injection in Workflow Architect
CVSS 6.4
CVE-2019-12465 HIGH
LibreNMS < 1.53 - SQL Injection via ajax_rulesuggest.php term Parameter
CVSS 8.1
CVE-2019-10671 HIGH
LibreNMS < 1.47 - Authenticated SQL Injection via graph.php sort Parameter
CVSS 8.8
CVE-2019-16125 CRITICAL
Jobberbase 2.0 - SQL Injection via Category Parameter
CVSS 9.8
CVE-2019-16119 CRITICAL
10Web Photo Gallery <1.5.35 - SQL Injection
CVSS 9.8
CVE-2019-13191 HIGH
IntraMaps 8.0-8.1 - SQL Injection via Search Refine Set Page
CVSS 7.5
CVE-2019-5070 MEDIUM
eFront LMS < 5.2.12 - Unauthenticated SQL Injection via Login Page
CVSS 6.5
CVE-2019-15872 CRITICAL
LoginPress < 1.1.4 - SQL Injection via Settings Import
CVSS 9.8
CVE-2019-11363 HIGH
Snare Central <7.4.5 - SQL Injection
CVSS 7.2
CVE-2019-14314 CRITICAL
Imagely NextGEN Gallery <3.2.11 - SQL Injection
CVSS 9.8
CVE-2019-15659 CRITICAL
Pie Register < 3.1.2 - SQL Injection
CVSS 9.8
CVE-2019-15646 CRITICAL
RSVPMaker < 6.2 - SQL Injection
CVSS 9.8
CVE-2019-15658 HIGH
connect-pg-simple < 6.0.1 - SQL Injection via Untrusted tableName or schemaName
CVSS 7.3
CVE-2019-15533 CRITICAL
xayr xenfcoresharp < 2019-07-16 - SQL Injection in web/verify.php
CVSS 9.8
CVE-2019-15558 CRITICAL
XM^online 2 Common Utils and Endpoints 0.2.1 - SQL Injection
CVSS 9.8
CVE-2019-15557 CRITICAL
XM^online 2 User Account and Authentication Server 1.0.0 - SQL Injection via Tenant Key
CVSS 9.8
CVE-2019-15555 CRITICAL
Wellness < 2019-06-19 - SQL Injection via dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php
CVSS 9.8
CVE-2019-15560 CRITICAL
Reviews Module < 2019-06-04 - SQL Injection in database/index.js
CVSS 9.8
CVE-2019-15559 CRITICAL
hawn < 2019-07-10 - SQL Injection
CVSS 9.8
CVE-2019-15574 CRITICAL
Gesior-AAC < 2019-05-01 - SQL Injection via accountmanagement.php serviceID Parameter
CVSS 9.8
CVE-2019-15573 CRITICAL
Gesior-AAC < 2019-05-01 - SQL Injection via tankyou.php
CVSS 9.8
CVE-2019-15572 CRITICAL
Gesior-AAC < 2019-05-01 - SQL Injection via ServiceCategoryID Parameter
CVSS 9.8
CVE-2019-15571 CRITICAL
ClonOS < 2019-04-30 - SQL Injection in clonos.php
CVSS 9.8
Details
Vulnerabilities 19,852
Exploit Likelihood High